Develop Reference

snmp user configuration using Ansible

I Need to configure snmp user by checking the hosts os and wherever snmp user is blank add the snmp user
Steps Mentioned below :
Check if devices are accessible by SSH or not
The one's which are accessible, identify OS version and device Type
Based on the OS version and Device type, check
SNMP Configuration
run command on device : Show snmp user
if output received, no changes to be done.
if output not received, device eligble for
change
run command : Show run | include ^snmp-server
if network-admin and network-operator groups existing, then only implement the change to add lines "snmp-user group_name"
I did write anisble playbook which segregate the hosts on IOS and nx-os operating system bbut having difficulty to use multiple when conditions so that I can proceed for ios_config change
---
- name : configure snmp user
hosts: all
gather_facts: false
connection: network_cli
vars:
provider:
timeout: 60
tasks:
- name: show version of devices
nxos_command:
commands: show version
register: command_output
- name: check the snmp user nxos_command
nxos_command:
commands: "sh snmp user"
provider: "{{provider}}"
register: nxos_command_run
when: "'NX-OS' in command_output.stdout.0"
- name : display command ouput #running this to get correct values
debug: var=item
when: "'network-admin' in item"
loop:"{{nxos_command_run.stdout_lines.0}}"
#when: "'NX-OS' in command_output.stdout.0" - here I am unable to use two when conditions
so can someone please help me apply the logic for the required conditions

using netconf_get in an ansible playbook

I am testing out using netconf via Ansible and I keep getting this error when running the playbook:
ansible.module_utils.connection.ConnectionError:
AuthenticationException('Authentication timeout.',)
I am ablte to use ssh over port 830 to my Cisco device from the scripting server:
ssh cisco#10.1.1.1 -p 830 -s netconf
This is the playbook:
---
- name: My Playbook
hosts: 'my_host'
gather_facts: false
tasks:
- name: Execute the get_config RPC
netconf_get:
display: json
register: result
- name: Print the configuration as JSON
debug:
var: result.output
And the inventory is something like this:
[my_lab:children]
my_lab_iosxr
[my_lab:vars]
look_for_keys = False
host_key_checking = False
ansible_ssh_pass = 'cisco'
ansible_user = 'cisco'
[my_lab_iosxr]
my_host ansible_host=10.1.1.1 ansible_network_os=iosxr ansible_connection=netconf
I should add, I see this error on the console of the cisco device when attempting the play above:
Sep 8 17:37:42.218 UTC: SSHD_[67398]: %SECURITY-SSHD-3-ERR_GENERAL :
Failed to receive User authentication request

Looks like I have found the answer to my own question.
I decided to just write my own netconf module in python and I was getting the same error.
So I switched to using python installed on another machine and the same code works.
Seems like there is an issue with the version of python installed on that server...

Ansible: Trigger the task only when previous task is successful and the output is created

I am deploying a VM in azure using ansible and using the public ip created in the next tasks. But the time taken to create the public ip is too long so when the subsequent task is executed, it fails. The time to create the ip also varies, it's not fixed. I want to introduce some logic where the next task will only run when the ip is created.
- name: Deploy Master Node
azure_rm_virtualmachine:
resource_group: myResourceGroup
name: testvm10
admin_username: chouseknecht
admin_password: <your password here>
image:
offer: CentOS-CI
publisher: OpenLogic
sku: '7-CI'
version: latest
Can someone assist me here..! It's greatly appreciated.

I think the wait_for module is a bad choice because while it can test for port availability it will often give you false positives because the port is open before the service is actually ready to accept connections.
Fortunately, the wait_for_connection module was designed for exactly the situation you are describing: it will wait until Ansible is able to successfully connect to your target.
This generally requires that you register your Azure VM with your Ansible inventory (e.g. using the add_host module). I don't use Azure, but if I were doing this with OpenStack I might write something like this:
- hosts: localhost
gather_facts: false
tasks:
# This is the task that creates the vm, much like your existing task
- os_server:
name: larstest
cloud: kaizen-lars
image: 669142a3-fbda-4a83-bce8-e09371660e2c
key_name: default
flavor: m1.small
security_groups: allow_ssh
nics:
- net-name: test_net0
auto_ip: true
register: myserver
# Now we take the public ip from the previous task and use it
# to create a new inventory entry for a host named "myserver".
- add_host:
name: myserver
ansible_host: "{{ myserver.openstack.accessIPv4 }}"
ansible_user: centos
# Now we wait for the host to finished booting. We need gather_facts: false here
# because otherwise Ansible will attempt to run the `setup` module on the target,
# which will fail if the host isn't ready yet.
- hosts: myserver
gather_facts: false
tasks:
- wait_for_connection:
delay: 10
# We could add additional tasks to the previous play, but we can also start
# new play with implicit fact gathering.
- hosts: myserver
tasks:
- ...other tasks here...

Ansible ios playbook to gather IOS runinng config of diferents hosts to files

I'm looking to create a playbook on ansible to gather info of more than 300 hosts and save the info to a file. I get 2 diffente issues, one not being able to save the info to a file and the second issue comes because of telnet connection of some hosts, only working for ssh hosts.
ansible 2.9.3
under vm CentOS7
Already tried:
- name: "[SCAN][IOS] IOS play for scanning facts"
hosts: CISCO
connection: network_cli
ignore_errors: true
ignore_unreachable: true
vars:
ansible_network_os: ios
gather_facts: False
tasks:
- name: run show logging host ip on remote devices
ios_command:
commands: show run | i logging host
register: output
- debug:
var: output["stdout_lines"]
This playbook shows the ssh hosts results according to the configuration required, but I'm not able to save this info to a file.
On the other hand I would like to run this commands on telnet hosts, is it possible to run this in both connection types together and save to file?

ansible cisco ios_command module "unable to set terminal parameters"

I am running ansible v 2.5 and trying to run a basic "show clock" command on my switch.
How ever it errors out saying that it is unable to set terminal parameters,
following is my yml File:
---
- hosts: ios_devices
gather_facts: no
connection: local
vars_prompt:
- name: "mgmt_username"
prompt: "Username"
private: no
- name: "mgmt_password"
prompt: "Password"
tasks:
- name: SYS | Define provider
set_fact:
provider:
host: "{{ inventory_hostname }}"
username: "{{ mgmt_username }}"
password: "{{ mgmt_password }}"
- name: IOS | Show clock
ios_command:
provider: "{{ provider }}"
commands:
- show clock
register: clock
- debug: msg="{{ clock.stdout }}"
and on running the playbook i receive the following error:
fatal: [x.x.x.x]: FAILED! => {"msg": "unable to set terminal parameters"}

The error unable to set terminal parameters means that one (or both) of the following commands failed:
terminal length 0
terminal width 512
Try running those commands manually on your Cisco IOS switch to check they are supported.

I have faced the same problem but solved it after using "asa_command" module:
- hosts: ASA
connection: local
gather_facts: no
vars:
cli:
host: "{{ ansible_host }}"
username: "{{ ansible_user }}"
password: "{{ ansible_password }}"
authorize: yes
auth_pass: "{{ ansible_password }}"
tasks:
- name: run multiple commands and evaluate the output
asa_command:
commands:
- show service-policy
- show running-config
provider: "{{ cli }}"
register: output
- debug:
msg: "{{ output.stdout_lines }}"

Yes, have to be able to set the following two command:
terminal length 0
and
terminal width 512
You don't need specific privileges to be able to issue these commands. Both can be issued from the Cisco's regular CLI exec mode.
Check your username "commands" authorization privileges, that could be the issue. You may have a limited command authorization configured on your IOS device. If you have access to "show running" command, try checking aaa authorization using the following:
show run | i aaa authorization commands
If you see it defined on your router/switch, you'll need to talk to your network admin and make sure they allow you or the ansible user you are using to be able to issue "terminal length" and "terminal width" commands. I am not aware of any other way around this.
Just FYI, the "terminal" command is only limited to the user current active session, and will NOT affect any router operational parameters in any way. Once you logout, the terminal parameters will reset to its default.
As for the asa_command workaround, that's not recommended really. asa and ios have different output formatting, so, although may work for some cases, it is guaranteed to fail in other cases.
If you are using an ASA with PIXOS and having the same problem, use the "Pager" command to set the length of your terminal.
Please check out the following Cisco Community link for more information on setting terminal length on different Cisco devices:
Show the Complete Configuration without Breaks/Pauses on Cisco Router/Switches, ASA Firewall and WLC (Wireless LAN Controller)

I just happened to get this issue as well but for IOS XR. the problem for me is that i have created a set of new and unique credentials just for Ansible to access my devices and did not set the proper privileges for these. In my specific case, configuring the new set of credentials to be part of the "sysadmin" group solved the problem for me:
Cisco-IOS-XR Device
username ansible
secret ansible
**group sysadmin**
In case of the IOS / IOS XE devices should check the aaa configuration for the proper privileges as well.
Last but not least, for ASA, i assume it would be the exact same.